MicrosoftThrough trial and error, I've found that the following JSON Schema works;
{
"properties": {
"data": {
"properties": {
"EXP": {
"type": "integer"
},
"Id": {
"type": "string"
},
"NBF": {},
"ObjectName": {
"type": "string"
},
"ObjectType": {
"type": "string"
},
"VaultName": {
"type": "string"
},
"Version": {
"type": "string"
}
},
"type": "object"
},
"dataVersion": {
"type": "string"
},
"eventTime": {
"type": "string"
},
"eventType": {
"type": "string"
},
"id": {
"type": "string"
},
"metadataVersion": {
"type": "string"
},
"subject": {
"type": "string"
},
"topic": {
"type": "string"
}
},
"type": "object"
}
Got this with a failed attempt with a random Schema, but that presented me with a sample payload I could then use;
{
"id": "xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"topic": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/examplerg/providers/Microsoft.KeyVault/vaults/examplekv",
"subject": "examplesecret",
"eventType": "Microsoft.KeyVault.SecretExpired",
"data": {
"Id": "https: //examplekv.vault.azure.net/secrets/examplesecret/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"VaultName": "examplekv",
"ObjectType": "Secret",
"ObjectName": "examplesecret",
"Version": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"NBF": null,
"EXP": 1716385818
},
"dataVersion": "1",
"metadataVersion": "1",
"eventTime": "2024-05-22T13:51:52.0753357Z"
}
I would say, following this guide exactly would replace the secret with a known value (stated in the body of the HTTP step) so additional steps will need to be added to this to generate a string as per your requirements.
Additionally, the new secret entered doesn't have an expiration date, so will never be rotated again.
